|
Initial (partial) implementation of HPKP violation reporting
This CL implements some of the core functionality for HPKP violation
reporting, using certificate-report-sending code factored out of
//chrome.
As of this CL, the certificate reporting classes are:
* net::CertificateReportSender: an interface for sending serialized
reports over the network. Implemented by
net::CertificateReportSenderImpl and by unit tests that inject mock
report senders.
* net::TransportSecurityReporter: builds HPKP reports and uses a
net::CertificateReportSender to send them. net::TransportSecurityState
uses a net::TransportSecurityReporter to handle HPKP reports.
* CertificateErrorReporter, in //chrome. This class handles the sending
of Google-specific pinning reports and Safe Browsing Extended
Reporting invalid cert reports (the latter of which it encrypts when
applicable). It uses a net::CertificateReportSender to actually send
reports.
* ChromeFraudulentCertificateReporter can be removed next: it uses a
CertificateErrorReporter to handle Google-specific pinning reports. We
can remove it and replace with a ChromeTransportSecurityReporter that
implements the net::TransportSecurityReporter interface.
Notable to-dos not included in this CL:
* Include an accurate port number on reports generated from QUIC
connections.
* Write dates in the reports in RFC 3339 format.
* Implement report-only mode.
* Allow report-uri to be relative.
* Unify ChromeFraudulentCertificateReporter with this CL by implementing
ChromeTransportSecurityReporter and removing
FraudulentCertificateReporter and ChromeFraudulentCertificateReporter.
* Rate-limit report-sending and detect loops.
BUG= 445793
|
Unified diffs |
Side-by-side diffs |
Delta from patch set |
Stats (+1368 lines, -574 lines) |
Patch |
|
M |
chrome/browser/net/certificate_error_reporter.h
|
View
|
|
5 chunks |
+15 lines, -36 lines |
0 comments
|
Download
|
|
M |
chrome/browser/net/certificate_error_reporter.cc
|
View
|
|
6 chunks |
+18 lines, -74 lines |
0 comments
|
Download
|
|
M |
chrome/browser/net/certificate_error_reporter_unittest.cc
|
View
|
1
|
1 chunk |
+70 lines, -292 lines |
0 comments
|
Download
|
|
M |
chrome/browser/profiles/profile_io_data.h
|
View
|
1
|
1 chunk |
+2 lines, -0 lines |
0 comments
|
Download
|
|
M |
chrome/browser/profiles/profile_io_data.cc
|
View
|
|
2 chunks |
+13 lines, -0 lines |
0 comments
|
Download
|
|
M |
chrome/browser/safe_browsing/ping_manager.cc
|
View
|
|
2 chunks |
+4 lines, -3 lines |
0 comments
|
Download
|
|
M |
chrome/browser/ssl/certificate_reporting_test_utils.cc
|
View
|
|
4 chunks |
+12 lines, -8 lines |
0 comments
|
Download
|
|
M |
chrome/browser/ssl/chrome_fraudulent_certificate_reporter.cc
|
View
|
|
2 chunks |
+2 lines, -1 line |
0 comments
|
Download
|
|
M |
chrome/browser/ssl/chrome_fraudulent_certificate_reporter_unittest.cc
|
View
|
1
|
4 chunks |
+29 lines, -9 lines |
0 comments
|
Download
|
|
M |
chrome/browser/ui/webui/net_internals/net_internals_ui.cc
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
|
A |
net/http/certificate_report_sender.h
|
View
|
1
|
1 chunk |
+31 lines, -0 lines |
0 comments
|
Download
|
|
A |
net/http/certificate_report_sender_impl.h
|
View
|
1
|
1 chunk |
+57 lines, -0 lines |
0 comments
|
Download
|
|
A |
net/http/certificate_report_sender_impl.cc
|
View
|
1
|
1 chunk |
+71 lines, -0 lines |
0 comments
|
Download
|
|
A |
net/http/certificate_report_sender_impl_unittest.cc
|
View
|
1
|
1 chunk |
+264 lines, -0 lines |
0 comments
|
Download
|
|
M |
net/http/http_security_headers.h
|
View
|
|
2 chunks |
+3 lines, -1 line |
0 comments
|
Download
|
|
M |
net/http/http_security_headers.cc
|
View
|
|
2 chunks |
+13 lines, -2 lines |
0 comments
|
Download
|
|
M |
net/http/http_security_headers_unittest.cc
|
View
|
|
14 chunks |
+140 lines, -97 lines |
0 comments
|
Download
|
|
M |
net/http/transport_security_persister.cc
|
View
|
|
3 chunks |
+6 lines, -0 lines |
0 comments
|
Download
|
|
M |
net/http/transport_security_persister_unittest.cc
|
View
|
|
6 chunks |
+51 lines, -4 lines |
0 comments
|
Download
|
|
A |
net/http/transport_security_reporter.h
|
View
|
1
|
1 chunk |
+53 lines, -0 lines |
0 comments
|
Download
|
|
A |
net/http/transport_security_reporter.cc
|
View
|
1
|
1 chunk |
+121 lines, -0 lines |
0 comments
|
Download
|
|
M |
net/http/transport_security_state.h
|
View
|
1
|
9 chunks |
+70 lines, -12 lines |
0 comments
|
Download
|
|
M |
net/http/transport_security_state.cc
|
View
|
|
8 chunks |
+53 lines, -9 lines |
0 comments
|
Download
|
|
M |
net/http/transport_security_state_unittest.cc
|
View
|
|
17 chunks |
+244 lines, -17 lines |
0 comments
|
Download
|
|
M |
net/net.gypi
|
View
|
|
3 chunks |
+6 lines, -0 lines |
0 comments
|
Download
|
|
M |
net/quic/crypto/proof_verifier_chromium.cc
|
View
|
|
1 chunk |
+6 lines, -3 lines |
0 comments
|
Download
|
|
M |
net/socket/ssl_client_socket_nss.cc
|
View
|
|
1 chunk |
+3 lines, -1 line |
0 comments
|
Download
|
|
M |
net/socket/ssl_client_socket_openssl.cc
|
View
|
|
1 chunk |
+3 lines, -1 line |
0 comments
|
Download
|
|
M |
net/spdy/spdy_session.cc
|
View
|
1
|
1 chunk |
+7 lines, -3 lines |
0 comments
|
Download
|
Total messages: 10 (2 generated)
|